More than half of UK companies are considering hiring ex-hackers in a bid to get ahead of cyber criminals, according to the latest research from KPMG.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

A poll of 300 senior IT and human resources professionals revealed that the inability to find people with the necessary cyber security skills is forcing many companies to consider poachers turned gamekeepers.

According to the poll, 53% of respondents said they would consider using a hacker to bring inside information to their security teams. A similar proportion said they would also consider recruiting an expert even if that person had a previous criminal record.

In particular, 60% said they were struggling to find cyber experts who can effectively communicate with the business, which they see as vital to ensuring the cyber threat is well understood by corporate leaders outside the IT department.

While 60% claim to have a strategy to deal with any skills gaps, KPMG said the research makes it clear that there is a short supply of people with all the relevant skills.

According to the survey, 57% of respondents said it has become more difficult to retain staff in specialised cyber skills in the past two years.

The same number say the churn rate is higher in cyber security than for IT skills, and 52% said there is aggressive headhunting in this field.

“The increasing awareness of the cyber threat means the majority of UK companies are clear on their strategy for dealing with any skills gaps,” said Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy.

“However, they would not hire pickpockets to be security guards, so the fact that companies are considering former hackers as recruits clearly shows how desperate they are to stay ahead of the game,” she said.

But according to Gonsalves-Fersch, there are other options. “Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programs that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs,” she said.

Gonsalves-Fersch said that while it is important to have the technical expertise, it is just as important to translate that into the business environment in a language senior management can understand.

The research was released to coincide with the launch of a KPMG cyber awareness programme aimed at improving cyber security at all levels of an organisation.

The programme also includes a bridging course, designed to help IT and business departments understand the language and risks presented by cyber threats.

The Department for Business, Innovation and Skills (BIS) said that ensuring UK companies have the skills in their workforce to combat cyber-crime is essential to make the UK one of the safest places to do business online, and forms a core part of the government’s £860m National Cyber Security Strategy.

“We are working in partnership with industry and academia to improve cyber security skills at all levels, including developing guidance and training for businesses so they can deal with cyber threats to their information and services,” a BIS spokesman said in a statement.

This includes increasing cyber skills training in the UK education system, providing tailored training for members of business and the general public, and publishing guidance on how companies can develop effective strategies to counter online threats to their business.

“Our work with the Cyber Security Challenge and Tech Partnership not only ensures cyber security is part of what is learned at school, but also helps raise awareness of cyber security as an exciting, rewarding and legitimate career prospect,” the BIS spokesman said.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy